Data Breaches

Taking advantage of recent stolen credential dumps, attackers have been exploiting legacy protocols like IMAP to engage in high-volume password-spraying campaigns for the purpose of breaking into companies’ cloud accounts, researchers at Proofpoint are reporting. Used by email clients to retrieve messages from a server, IMAP (Internet Message Access Protocol) is an ideal protocol to…

Threat actors launched ransomware attacks against three U.S. colleges seizing the data on students applying for admission to the schools and demanded 1 Bitcoin or approximately $3,800 from students to retrieve their “entire admission file.” Attackers targeted Oberlin College in Ohio, Grinnell College in Iowa, and Hamilton College in New York to seize teacher recommendations,…

In a first of its kind partnership and event, cybersecurity students from Norwich University teamed up with Respond Software to monitor cyber attacks during the NCAA College Football Playoff Championship between the Clemson Tigers and Alabama Crimson Tide. Together with stadium security, the team analyzed and resolved over 243,000 monitored events and threats during game…

An exposed database at data broker Exactis exposed nearly 340 million records amounting to around two terabytes of information. “If U.S. citizens did not think their personal information has ever been compromised, this should convince them it definitely is,” said Robert Capps, vice president and authentication strategist for NuData Security, noting the Exactis “breach blows up…

A file named myheritage discovered on an outside private server contained the email addresses and hashed passwords of more than 92 million MyHeritage customers, the genealogy and DNA testing company’s CISO said. “Immediately upon receipt of the file, MyHeritage’s Information Security Team analyzed the file and began an investigation to determine how its contents were…

Under Armour notified MyFitnessPal users that an unauthorized third party accessed usernames, email addresses and hashed passwords in about 150 million accounts in late February, The hashed passwords affected were in large part ones “with the hashtag function called bcrypt used to secure passwords,” the company said in an alert. “The affected data did not…

The records of roughly 50,000 students, parents, teachers and staff members from the Leon County Schools District in Tallahassee, Fla. were compromised in two related breach incidents involving a third-party education services provider.

The UK-based digital watchdog organization Open Rights Group is expressing concern that an age verification tool for pornography sites could potentially expose users’ sensitive data, according to a report from the BBC.